Reputation: 477
Limiting what a user can see
I've got a TFS server in which team projects exists. These team projects have area paths below them. These area paths represents projects of certain customers. We want to give customers access to their area path.
The problem is when we do that they automatically gain access to all other area paths withing that team project. Is there a way of limiting access so the customers can only see their area path and nothing else?
Upvotes: 2
Views: 1455
Answers (2)
Reputation: 21
As mentioned in this thread, by design a team can access other teams backlogs and work items.
To deny different teams access to other teams work items I used a workaround which might work for you as well.
The workaround is to use TFS security groups to limit teams access to area paths. By default, every team is created as a member of the default security group [project]\Contributors which gives the team access to all area paths.
Here are the steps I followed:
- Create a new security group for every team
- Make the new groups members of the Contributors default group
- Add every team as a member of its new respective security group
- Remove all teams from the Contributors group
- In the project's areas admin screen, open each area's context menu and click the security option (check this article)
- In the security view, add the newly created security groups
- For each group, allow/deny the permissions based on your requirements
Please note, this workaround will not hide other area paths from the users in the not allowed groups. They still can navigate to backlogs of other groups but they will not view or edit the work items. This behavior is same for reports and dashboards as well
Upvotes: 2
Reputation: 30382
No such a feature to limit users in team project level with the area path set.
Area path only restricts the users on work items:
Area paths allow you to group work items by team, product, or feature area. Whereas, iteration paths allow you to group work into sprints, milestones, or other event-specific or time-related period. Both these fields allow you to define a hierarchy of paths.
Please see About area and iteration paths (aka sprints) for details.
So, if you don't want to the users see the specific team projects, then you just need to remove the users from the related TFS groups.
If you just want to restrict the users on manage the sources/files or source control on specific Repository/branches, then you can create teams or groups and set the permission accordingly. Please see below articles for details:
Upvotes: 2
Related Questions
- How to Restrict Access to Certain Folders under Project on TFS Server
- Restrict team access to areas and/or work items
- Granting only board access in Azure DevOps
- TFS allow some users just to view the work items and queries
- VSTS Restrict access to sensitive work items
- How to allow a user to access only specific projects in my solution
- Visual Studio Team Services (TFS Online) - Restrict access to code
- How to prevent users from viewing settings and permissions on Visual Studio Team Services (formerly Team Foundation Service)
- Visual Studio Online - Limit access to certain files in project?
- TFS restrict access